Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

How can we improve Azure Governance?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide description of type

    Provide a way to get a description of each type in the resource graph, much like the first "Type" field (display name of resource type) in the "All resources" pane in the Azure portal

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  2. GitOps

    How does this work with GitOps?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Prevent Owner role unless MFA enabled

    We have a requirement to ensure all Owners have MFA enabled, using Conditional access policies we can only assign Global Admins not Owners, so would appreciate a way within a management group to ensure the "owner" of the subscription has MFA enabled, which we could assign by policy instead of audit, adding enforce MFA for Owner

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Description to Role Assignment

    Add descriptions to Role assignment when value must be specified that shows up when assigning the blueprint to an Subscription.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow more than 100 items to be exported in azure resource graph

    Allow more than 100 items to be exported in azure resource graph
    If a limit is needed, 100 seems a bit small

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow use of resourceGroup() functions within a resource group artifact

    When using an ARM template artifact within a resource group artifact, allow us to use the resourceGroup() functions, like respourceGroup().location. Currently, we receive the error: Error: 'The function 'resourceGroup' is not valid.'

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  7. Blueprints for Resource Groups

    I would love to have the blueprints for resource groups as well.

    To quote from your documentation:

    'With Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.'

    Replace "subscription" with "resource group" in the text above and there you have my request. :)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  8. Get policy state return all objects

    When getting policy state it only returns non-compliant objects. If the results returned all objects it would be easier to get an overview of compliance status for the environment.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure Policy - Extend policy aliases for Microsoft.Datamigration provider

    Create aliases for objects within services/projects to allow auditing or enforcement of authentication/encryption options on new migrations.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow adding Azure Policy initiative parameters later on (after you've saved and closed out of it)

    Presently you can only add initiative parameters upon first creation of the initiative. Once you save it and go back in to edit you can no longer add parameters. This is very inflexible and requires you to know everything you want in the initiative up front.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.

  11. PCI DSS 3.2.1 BluePrint

    1- After creating a blueprint by using the new PCI DSS 3.2.1 one, I've seen that the it has only the following which I believe is not the complete list. Is this an issue or it's due to being still Preview?
    *Deploy Threat Detection on SQL servers
    *Require encryption on Data Lake Store accounts
    *Allowed locations
    *Deploy Auditing on SQL servers
    *Deploy SQL DB transparent data encryption
    *Allowed locations for resource groups

    2- Will this blueprint provide guidence on what Azure Resources should used for PCI DSS Compliance? As an example the previous blueprints page was stating that ASE (App…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure Policy - Need a policy alias for Microsoft.RecoveryServices/vaults/monitoringConfigurations

    In order to create an azure policy that audits recovery vaults that do not have backup alerts enabled, there should be an alias for the monitoringConfigurations property.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add Meter Category/Service Name in resource graph

    The category type Meter category, which is available at billing modul is not available at resource graph.
    It is only the resource type category available, that is not the same as meter category.
    So it is not possible to make billing queries in billing modul and compare this with counts from resources in resource graph.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  14. Blueprints do not create managed identities for deployifnotexist policy initiatives

    Currently Azure Blueprints can assign policy initiatives but do not properly create the managed service identity for deployifnotexist policy definitions within the initiative. This needs to be corrected as that is basic functionality of a policy initiative assignment. The managed identity is created correctly if directly assigning the policy definition outside of an initiative.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to query arrays without specifying an index

    Please introduce new operators like all_of() & any_of() for array members query.

    Today I have to specify an index if I want to query alertRules with a specific property value, ie:

    where type =~ 'microsoft.insights/alertrules'
    | where properties.actions[0].sendToServiceOwners == "true"

    I would like a way to query if any or all items in the array are matching

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  17. Renaming Azure Management Group to Azure Subscription Group

    Azure Management Group should have been called/renamed to Azure Subscription Group for subscription grouping, analogous to Resource Group for resource grouping. Subscription Group is much more specific and descriptive than Management Group to indicate subscription grouping.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Management Groups  ·  Flag idea as inappropriate…  ·  Admin →
  18. Bug: If tags are appended by Built-In Policy they do not appear on UI and Powershell before you update resource tags

    Hi,

    There is a bug in Policy and Resource tags.

    If you use policies to append tags & values to Resource from Resource Group those appended tags and values do not appear in resource, before you update tags by Azure Portal UI. Right away when you example add new tag and press save button, those tags what are appended by policies appears on UI and Powershell. Not before.

    I have tested this and even next day or after two days those tags and values not appear in resource before updating tags.

    So if you want those tags and values shown…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure Resource Graph - Caputure users/owners info for all resource types

    It would be great to add ability to capture the user/owner information for all resource types in Resource Graph. Currently, for a lot of resource types, e.g., Machine Learning Services Workspace, etc., the user/owner information is not available in the resource graph. Which is a critical information a lot of customers are looking for.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure Resource Graph: Incorporate more Tabular operators from Kusto, like Join

    Per https://docs.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language#supported-tabular-operators - there's a limited selected of Tabular operators that work in Azure Resource Graph. It would be beneficial if additional operators, such as Join, are supported.
    Example: If I wanted to pull all VMs and their private IP address, I would need to join the VM with the NIC resource to pull both properties in a single report

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base